Skip to content

Commit 4cbc486

Browse files
jonesbusyKevin-CB
authored andcommitted
SECURITY-3017
1 parent 8191fd5 commit 4cbc486

File tree

7 files changed

+34
-20
lines changed

7 files changed

+34
-20
lines changed

src/main/java/org/jenkinsci/plugins/ansible/AbstractAnsibleInvocation.java

+1-1
Original file line numberDiff line numberDiff line change
@@ -121,7 +121,7 @@ public ArgumentListBuilder appendExtraVars(ArgumentListBuilder args) {
121121
if (extraVars != null && ! extraVars.isEmpty()) {
122122
for (ExtraVar var : extraVars) {
123123
args.add("-e");
124-
String value = envVars.expand(var.getValue());
124+
String value = envVars.expand(var.getSecretValue().getPlainText());
125125
if (Pattern.compile("\\s").matcher(value).find()) {
126126
value = Util.singleQuote(value);
127127
}

src/main/java/org/jenkinsci/plugins/ansible/ExtraVar.java

+19-8
Original file line numberDiff line numberDiff line change
@@ -18,42 +18,53 @@
1818
import hudson.Extension;
1919
import hudson.model.AbstractDescribableImpl;
2020
import hudson.model.Descriptor;
21+
import hudson.util.Secret;
22+
2123
import org.kohsuke.stapler.DataBoundConstructor;
2224
import org.kohsuke.stapler.DataBoundSetter;
2325

2426
public class ExtraVar extends AbstractDescribableImpl<ExtraVar> {
2527

2628
public String key;
2729

28-
public String value;
30+
public transient String value;
31+
32+
public Secret secretValue;
2933

30-
public boolean hidden;
34+
public boolean hidden = true;
3135

3236
@DataBoundConstructor
3337
public ExtraVar() {
3438
}
3539

40+
protected Object readResolve() {
41+
if (value != null) {
42+
this.setSecretValue(Secret.fromString(value));
43+
}
44+
return this;
45+
}
46+
3647
@DataBoundSetter
3748
public void setKey(String key) {
3849
this.key = key;
3950
}
4051

4152
@DataBoundSetter
42-
public void setValue(String value) {
43-
this.value = value;
53+
public void setHidden(boolean hidden) {
54+
this.hidden = hidden;
4455
}
4556

4657
@DataBoundSetter
47-
public void setHidden(boolean hidden) {
48-
this.hidden = hidden;
58+
public void setSecretValue(Secret value) {
59+
this.secretValue = value;
4960
}
5061

5162
public String getKey() {
5263
return key;
5364
}
5465

55-
public String getValue() {
56-
return value;
66+
public Secret getSecretValue() {
67+
return this.secretValue;
5768
}
5869

5970
public boolean isHidden() {

src/main/java/org/jenkinsci/plugins/ansible/jobdsl/context/ExtraVarsContext.java

+3-1
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@
66
import javaposse.jobdsl.dsl.Context;
77
import org.jenkinsci.plugins.ansible.ExtraVar;
88

9+
import hudson.util.Secret;
10+
911
/**
1012
* @author pawbur (Pawel Burchard)
1113
*/
@@ -15,7 +17,7 @@ public class ExtraVarsContext implements Context {
1517
public void extraVar(String key, String value, boolean hidden) {
1618
ExtraVar extraVar = new ExtraVar();
1719
extraVar.setKey(key);
18-
extraVar.setValue(value);
20+
extraVar.setSecretValue(Secret.fromString(value));
1921
extraVar.setHidden(hidden);
2022
this.extraVars.add(extraVar);
2123
}

src/main/java/org/jenkinsci/plugins/ansible/workflow/AnsiblePlaybookStep.java

+3-2
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@
3838
import hudson.model.Run;
3939
import hudson.model.TaskListener;
4040
import hudson.util.ListBoxModel;
41+
import hudson.util.Secret;
4142
import jenkins.model.Jenkins;
4243
import org.apache.commons.lang.StringUtils;
4344
import org.jenkinsci.plugins.ansible.AnsibleInstallation;
@@ -383,10 +384,10 @@ private List<ExtraVar> convertExtraVars(Map<String, Object> extraVars) {
383384
var.setKey(entry.getKey());
384385
Object o = entry.getValue();
385386
if (o instanceof Map) {
386-
var.setValue(((Map)o).get("value").toString());
387+
var.setSecretValue((Secret)((Map)o).get("value"));
387388
var.setHidden((Boolean)((Map)o).get("hidden"));
388389
} else {
389-
var.setValue(o.toString());
390+
var.setSecretValue((Secret)o);
390391
var.setHidden(false);
391392
}
392393
extraVarList.add(var);

src/main/resources/org/jenkinsci/plugins/ansible/AnsibleAdHocCommandBuilder/config.jelly

+3-3
Original file line numberDiff line numberDiff line change
@@ -71,11 +71,11 @@
7171
<f:entry title="${%Key}" field="key">
7272
<f:textbox clazz="required" />
7373
</f:entry>
74-
<f:entry title="${%Value}" field="value">
75-
<f:textbox clazz="required" />
74+
<f:entry title="${%Value}" field="secretValue">
75+
<f:password clazz="required" />
7676
</f:entry>
7777
<f:entry title="${%Hidden variable in build log}" field="hidden">
78-
<f:checkbox default="false" />
78+
<f:checkbox default="true" />
7979
</f:entry>
8080
<f:entry>
8181
<div align="right" class="repeatable-delete show-if-only">

src/main/resources/org/jenkinsci/plugins/ansible/AnsiblePlaybookBuilder/config.jelly

+3-3
Original file line numberDiff line numberDiff line change
@@ -80,11 +80,11 @@
8080
<f:entry title="${%Key}" field="key">
8181
<f:textbox clazz="required" />
8282
</f:entry>
83-
<f:entry title="${%Value}" field="value">
84-
<f:textbox clazz="required" />
83+
<f:entry title="${%Value}" field="secretValue">
84+
<f:password clazz="required" />
8585
</f:entry>
8686
<f:entry title="${%Hidden variable in build log}" field="hidden">
87-
<f:checkbox default="false" />
87+
<f:checkbox default="true" />
8888
</f:entry>
8989
<f:entry>
9090
<div align="right" class="repeatable-delete show-if-only">

src/test/java/org/jenkinsci/plugins/ansible/jobdsl/JobDslIntegrationTest.java

+2-2
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ public void shouldCreateJobWithPlaybookDsl() throws Exception {
6464
assertThat("disableHostKeyChecking", step.disableHostKeyChecking, is(false));
6565
assertThat("additionalParameters", step.additionalParameters, is("params"));
6666
assertThat("extraVar.key", step.extraVars.get(0).getKey(), is("key"));
67-
assertThat("extraVar.value", step.extraVars.get(0).getValue(), is("value"));
67+
assertThat("extraVar.value", step.extraVars.get(0).getSecretValue().getPlainText(), is("value"));
6868
assertThat("extraVar.hidden", step.extraVars.get(0).isHidden(), is(true));
6969

7070
}
@@ -93,7 +93,7 @@ public void shouldCreateJobWithLegacyPlaybookDsl() throws Exception {
9393
assertThat("disableHostKeyChecking", step.disableHostKeyChecking, is(true));
9494
assertThat("additionalParameters", step.additionalParameters, is("params"));
9595
assertThat("extraVar.key", step.extraVars.get(0).getKey(), is("key"));
96-
assertThat("extraVar.value", step.extraVars.get(0).getValue(), is("value"));
96+
assertThat("extraVar.value", step.extraVars.get(0).getSecretValue().getPlainText(), is("value"));
9797
assertThat("extraVar.hidden", step.extraVars.get(0).isHidden(), is(true));
9898

9999
}

0 commit comments

Comments
 (0)